Methodist Hospital in Lockdown After Ransomware Attack

Methodist Hospital in Henderson, KY., is currently in lockdown after a ransomware attack. The hospital has declared an “internal state of emergency,” after critical files were copied and locked. The hospital responded to the cyberattack quickly and was able to contain the malware, although as a result of the lockdown access to electronic communications and web-based systems remains limited.

The malicious software was inadvertently installed on the network resulting in files containing patient data being copied and encrypted. According to a statement issued by Methodist COO David Park, “the hackers have copied patients records and locked those copies. They’ve deleted the originals.”

Methodist Hospital was able to activate a backup system. Normal operations are continuing at the hospital without any interruption to patient services, but the issue has yet to be resolved and the main network remains locked. The FBI has been notified and an investigation into the cyberattack has commenced. Methodist Hospital is working with the FBI to determine the best way to resolve the issue.

A ransom demand has been issued by the attackers although at this stage it is not clear whether the hospital intends to pay to have the files unlocked. Park told 14 News “Depending upon the number of records that were locked, depends upon whether we’re going to consider looking into whether we pay anything.”

Hospitals can sometimes recover from ransomware attacks without data loss or paying a ransom, provided that data can be recovered from back up files. Last week, Ottawa Hospital suffered a ransomware attack that encrypted files on four computers. Those computers were rapidly isolated, the drives were wiped, and data were restored from a recent backup file without loss of patient information.

However, in February, Hollywood Presbyterian Medical Center was not so fortunate. The ransomware attack took the hospital’s systems out of action for more than a week and a ransom of $17,000 was paid to the attackers. The hospital was able to recover without data loss, although it is unclear why a restoration of backup files was not an option. Allen Stefanek, president and chief executive of Hollywood Presbyterian, said “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom.”

About HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines. HIPAA Journal's goal is to assist HIPAA-covered entities achieve and maintain compliance with state and federal regulations governing the use, storage and disclosure of PHI and PII.